OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] EUROPE adopts STIX and TAXII


Carol et al – STIX/TAXII 2.0 are very different from STIX 1.2/TAXII 1.1.

 

I agree it’s a good thing for EU recognition of a standard but STIX 1.2 is not compatible with STIX 2.0.

 

I think OASIS need to help educate the marketplace and the governments that rely on the market to understand that versions matter in this regard.

 

Therefore what does the recognition really mean when it comes to procurement?

 

A STIX 1.2 product is not interchangeable with a STIX 2.0 product necessarily or vis-versa.

 

Please advise.

 

Allan Thomson,

CTO, Lookingglass Cyber Solutions

This electronic message transmission contains information from LookingGlass Cyber Solutions, Inc. which may be attorney-client privileged, proprietary and/or confidential. The information in this message is intended only for use by the individual(s) to whom it is addressed.  If you believe that you have received this message in error, please contact the sender, delete this message, and be aware that any review, use, disclosure, copying or distribution of the contents contained within is strictly prohibited

 

 

From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org>
Date: Tuesday, January 9, 2018 at 12:34 PM
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Chet Ensign <chet.ensign@oasis-open.org>
Subject: Re: [cti] EUROPE adopts STIX and TAXII

 

Hello. 

I can confirm that the recognition covers subsequent versions.  The Decision was taken based on the version that was available at the start of the process.

Hoping this reassures you.

Well done! 

Carol 

 

On 9 Jan 2018 9:16 p.m., "Jason Keirstead" <Jason.Keirstead@ca.ibm.com> wrote:

I don't know anything at all about this process - but I noticed it specifically mentions the STIX 1.2 and TAXII 1.1 versions.

        ‘Structured Threat Information _expression_’ (‘STIX 1.2’) and ‘Trusted Automated Exchange of Indicator Information’ (‘TAXII 1.1’) developed by the Organization for the Advancement of Structured Information Standards (‘OASIS’).

How would we get STIX 2.0 and TAXII 2.0 added to this? Anyone have any ideas? Or does it matter? Anyone have insights?


-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

"Things may come to those who wait, but only the things left by those who hustle." - Unknown




From:        Chet Ensign <chet.ensign@oasis-open.org>
To:        Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org>
Cc:        OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Date:        01/09/2018 03:59 PM
Subject:        Re: [cti] EUROPE adopts STIX and TAXII
Sent by:        <cti@lists.oasis-open.org>





Let me add my congratulations folks. You've worked hard these past years. Seeing you get this recognition is a great start to 2018! 

Good work! 

/chet

On Tue, Jan 9, 2018 at 2:56 PM, Carol Cosgrove-Sacks <carol.cosgrove-sacks@oasis-open.org> wrote:
Dear Members of the CTI TC,

I have just been informed  that the EU has made a formal Decision to recognize the use of STIX 1.2 and TAXII 1.1 for use in public procurement.


Please see Commission Implementing Decision (EU) 2017/2288 of 11 December 2017:  http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1515520575463&uri=CELEX:32017D2288

Congratulations! This Decision covers all 28 EU countries and is also applied by the 4 EFTA countries.*

I am delighted that your excellent work has received such high level recognition.

Dr Carol Cosgrove-Sacks
Senior Advisor on International Standards Policy
OASIS

 

*(EU: Austria, Belgium,  Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland,  France, Germany, Greece, Hungary, Ireland,  Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and United Kingdom;

EFTA: Iceland, Liechtenstein, Norway and Switzerland.)


--




--

/chet 
----------------
Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society
http://www.oasis-open.org

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]